System Settings
Table of Contents
Users
Overview of the User administration page. Here it’s possible to create, edit, and delete users. You can also reset their password from this page.
Note
When Active Directory integration is enabled, the users and managers are administrated through the Active Directory.
Users List
The listview provides administrators with some useful information and features. In the table the following columns are present:
- Username
Username of the user.
- User E-mail
E-mail address of the user.
- Cases
List of cases that the user has access to, separated by the pipe (“|”) symbol.
- Created At
Creation timestamp of the user.
- Actions
Yellow key button: Reset a user’s password.
Blue paper button: Edit a user.
Red trashbin button: Delete a user.
Creating a user
Creating a user is done by clicking the green “Add New” button. A popup will open:
Simply fill in the following details, and click “Add User” when done.
- Username
- Username for the new user. The username must be unique.This username is used to sign in into INDICA.
- Full Name
- Full name of the user. If given, this name will be displayed instead of the username.
- E-mail address of the user.
- Password (2x)
- Choose a password for the user.Use a strong password to prevent unauthorised access.
- Case(s)
- Choose the case(s) that the user should have access to.
- Role configuration (only available when AD integration is not activated)
- Choose role(s) for the new user.Available roles are dependant on the setup of Roles and Permissions.In the top drop-down, cases can be selected. Once a case is selected, roles can be selected in the bottom dropdown for each case.
Note
Creating users is not needed when AD integration is enabled and configured. INDICA will import the user’s information from the AD upon signing in.
Editing a user
Editing a user is done by clicking the blue paper button in the “Actions” column of the “Users List”. A popup will open:
Here you can edit the settings of the user. When done, click “Edit user” to save the changes.
Deleting a user
Deleting a user is done by clicking the red trashbin button in the “Actions” column of the “Users List”.
A confirmation popup will open. Click “Delete” to permanently delete the user. This action cannot be undone.
Note
Deleting a user that signed in using AD integration does not prohibit that user from signing in again. The user needs to be removed from the AD groups on the AD side.
Resetting a user’s password
Resetting a user’s password only works when there is no AD integration active.
Resetting a user’s password is done by clicking the yellow key button in the “Actions” column of the “Users List”. A popup will open:
Simply pick a new password, confirm it, and click “Reset Password”. The user can now authenticate using the new password.
Note
The user will not be notified by INDICA that their password has changed.
Resetting the admin password
When the password of the only Admin account has been lost, there is a way to reset the password.
To do this, SSH access and root-level permissions on the appliance are needed. When logged in into the appliance, navigate to the following directory:
cd /net/www
Then, run the following command:
php artisan user:resetpw
The command will ask for the username and then for a new password.
Note
When typing the new password, nothing will be displayed.
You should now be able to authenticate in the front-end with the new password.
Roles and Permissions
When working with sensitive data, protecting that data and making sure users will only see that they need to see is very important. To accommodate this, INDICA features a Roles and Permissions system. With this system, it is possible to define custom roles and assign permissions to those roles. This gives complete control over what a user can and cannot do, while still keeping it maintainable and scalable.
Introduction to Roles and Permissions
General information
Roles and Permissions are a part of the Admin portal. This means that only administrators (or anyone with the corresponding role, if assigned by an administrator) can change the setup of roles and permissions. Users with the Admin role are unlimited in their actions. However, every action an administrator takes is logged for audit purposes. Logged actions cannot be changed by any administrator.
Changing the setup of roles and permissions can (by default) only be done by Administrators. However, changing the roles and permissions is a permission in itself, meaning it can be assigned to other roles if desired.
Roles
A role can be assigned to a user or a group of users. These roles have permissions assigned to them. A user can have multiple roles, and roles can have multiple permissions.
Roles can be mapped to AD groups, more information about mapping can be found in the section Mapping AD groups to roles.
The following roles are configured by default:
- Admin
- Typically assigned to administrators.Administrators can see and do anything on the system.They have unlimited access to all cases and all settings.Administrators are responsible for setting up and maintaining the INDICA Appliance.
- Manage
- This role is intended for Case Managers.Case managers can see and change settings to the cases they are assigned on.They are responsible for case settings like workflows, tags, data sources, etc.
- Advanced User
- The “Advanced User” role is for trained and experienced users.This role gives more information and features on the Search page.
- Basic User
- The “Basic User” role is for new users with limited rights.This role gives access to a limited Search page with only basic functionality.
- System Api
- Internal system user. Is only used for INDICA’s inner workings.Changing or assigning this role is not needed.
Note
Roles are system-wide. This means that when a role is edited, the permissions of that role will apply to all cases that use this role. If this behavior is not desired, it is possible to create roles for a specific Case and use those roles for that Case. This allows administrators to have Case-specific roles (and permissions).
Permissions
A permission is something a user can see or do in the system. This can be assigning a tag, viewing document content, changing settings, etc. These permissions are attached to a role, and roles are attached to users (or AD groups, see Mapping AD groups to roles).
New permissions cannot be created by the administrator or any other user. This is because permissions are defined in the sourcecode of the INDICA Appliance. New permissions will be included in future releases of INDICA. If you’re an existing customer, they can also be requested. Contact INDICA for more details.
For a full list of all permissions, their description and which roles have which permission, please refer to the Default permissions matrix.
Note
Permissions cannot be deleted. They can be edited, but only the display name and the description can be changed.
Configuring Roles
Adding a new role
A new role can be created by clicking the “+ New Role” button on the “Roles” setup page. The following screen will open:
In this form, the following information is required:
- Name/Code
- Cannot be filled in by the user, will be generated based on the Display Name.
- Display Name
- Name of the role, for example “Basic User with advanced querying and filtering”.
- Description
- Description of this role, so they can be distinguished.
- Permissions
- Check the boxes for the required permissions.
Note
In this example, the new role is an extention of an already existing role. This means that if this new role is assigned to a user alongside the already existing role, the permissions of both roles will be combined. This makes it unnecessary to select all permissions while setting up this new role. The best course of action will be to select the extra permissions and assign both roles to the user(s). However, it is also possible to add the permissions of the “Basic User” role to this role as well, and only assign this role to the user(s).
Once all information is entered, it will look like the following image:
Once done, click “Save” to save your new role. It should now be displayed in the overview. This role can now be assigned to user(s).
Editing an existing role
To edit an existing role, click the “Edit” option. The following page will be displayed:
Simply make the edits needed, and click “Save” to save the changes.
Note
The system will immediately recognise the changes and assign the changed permissions to the users that have this role assigned. In some situations it may be necessary to sign out and sign back in for the changes to take effect.
Deleting an existing role
To delete an existing role, click the “Delete” option. A confirmation prompt will open, asking you if you’re sure you want to delete this record. Click “OK” to delete this role.
Note
Deleting a role that is assigned to user(s) may have implications on the permissions of the user(s). It is advised to deattach the role before deleting it.
Default permissions matrix
This table shows the Authorisation Matrix of the default roles and permissions.
Permission name |
Description |
Role(s) |
---|---|---|
users-create |
Grants permission to create new local users |
Admin |
users-read |
Grants permission to read users in Admin portal |
Admin |
users-update |
Grants permission to update users in Admin portal |
Admin |
users-delete |
Grants permission to delete local users in Admin portal |
Admin |
workflows-create |
Grants permission to create new workflows in Manage portal |
Admin |
workflows-read |
Grants permission to read existing workflows in Manage portal |
Admin |
workflows-update |
Grants permission to update existing workflows in Manage portal |
Admin |
workflows-delete |
Grants permission to delete workflows in Manage portal |
Admin |
gdpr-dashboard-use |
Grants permission to use the Privacy Dashboarding |
Admin |
document-download-use |
Grants permission to download original documents |
Admin |
mass-tagging-use |
Grants permission to use tagging in batches by query and page |
Admin |
query-to-csv-use |
Grants permission to export query results to CSV file |
Admin |
advanced-query-use |
Grants permission to use the Advanced Query Builder |
Admin |
advanced-filtering-use |
Grants permission to use Advanced Filtering |
Admin |
view-content-use |
Grants permission to view document content |
Admin |
comments-use |
Grants permission to create read update and delete comments on documents |
Admin |
all-duplicate-paths-read |
Grants permission to view all paths of a document with duplicates |
Admin |
tagging-use |
Grants permission to use the tagging functionality |
Admin |
tagging-create |
Grants permission to create new tags in Manage portal |
Admin |
tagging-read |
Grants permission to view existing tags in Manage portal |
Admin |
tagging-update |
Grants permission to update existing tags in Manage portal |
Admin |
tagging-delete |
Grants permission to delete tags in Manage portal |
Admin |
modify-permissions-use |
Grants permission to modify Roles & Permissions |
Admin |
blackline-create |
Grants permission to redact documents |
Admin |
blackline-read |
Grants permission to view redacted documents |
Admin |
blackline-update |
Grants permission to update already redacted documents |
Admin |
blackline-delete |
Grants permission to remove redacted documents |
Admin |
Cases
Overview of the Case administration page. Here it’s possible to create, edit, archive and restore cases.
Cases List
The listview offers some settings and features. The checkboxes can be used to toggle functionality or settings on a case. The columns in the table are:
- On
Whether the case is enabled or not. This setting can be toggled on the “Edit Case” page.
- Backup
Whether the case will be backed up when backup settings are configured.
- Spider?
Enable or disable the spider for this case.
Caution
Do not disable the spider during indexing.
- Arch.
Whether the case is archived or not.
- Class.
Enable or disable the Classification Module.
- GDPR
Enable or disable the GDPR module.
- Users
Name of the Active Directory group to grant “User”-level access to this case.
- Managers
Name of the Active Directory group to grant “Manager”-level access to this case.
- Actions
Yellow boxes button: Click this button to archive the case.
Blue paper button: Edit this case.
- Red trashbin button: Delete this case.
Note
All but one case can be deleted. The system needs at least one running case.
Adding a case
From this page, it’s possible to create a new case on the appliance. Simply click the “Add Case” button. You will be redirected to the following page:
Here you can fill in the following details:
- Name
Name of the case.
- Description
Description of the case.
- Enabled
Whether the case is enabled or not. If unchecked, the case will not show up for users and managers.
- AD Group for managers (Only available when AD integration is active and configured)
The Active Directory group that is used to grant users access to this case with “Manager”-level.
- AD Group for users (Only available when AD integration is active and configured)
The Active Directory group that is used to grant users access to this case with “User”-level.
- Extra role mappings (Only available when AD integration is active and configured)
This option allows you to map extra roles to AD groups. See Mapping AD groups to roles.
Tip
If AD integration is not enabled, it is still possible to set up Roles and Permissions for users.
When all details are filled in, click the “Create” button. A new case will be created. This may take several seconds, depending on the size of the system and the amount of indexed data.
Mapping AD groups to roles
If more roles need to be connected to AD groups, it is possible to map them. To do this, navigate to the Case settings page and edit the case in question.
It can also be setup during the creation of a new case.
You will see the following:
Two possible mappings may be presented already:
- Select AD Group for Managers
Use this option to select an AD group that will give its users the Manager role in INDICA
- Select AD Group for Users
Use this option to select an AD group that will give its users the User role in INDICA
In addition, the button “Add Role mapping” may be pressed to present a blank line:
In this line, select the desired role on the left side and the corresponding AD group on the right side. This step can be repeated for every role that needs an AD mapping.
Mappings can also be removed by clicking the red trashbin icon on the right side of the row.
In some situations, a message stating “Modifying AD mappings will logout all users belonging to the group” may be displayed. This means that users will get a forced logout in order for the new settings to take effect.
When done, click “Save” to store the settings.
Editing a case
To edit a case, navigate to the “Cases List” and click the blue paper icon in the “Actions” Column. The following page will open:
From here, it’s possible to edit the case. See “Adding a case” for details about the fields. Click “Save Changes” when the desired changes have been made.
This page also shows the users that have access to this case and the created collections in this case.
Archiving a case
To archive a case, navigate to the “Cases List” and click the yellow boxes icon in the “Actions” column. INDICA will now automatically archive this case. The case will be disabled and cannot be accessed anymore.
When the archiving is done, the case will be displayed in the “Cases Archive list”.
Note
This list displayes the archived cases by their Case ID as this is unique for every case.
From this list, the archived case can be downloaded in a .tar.gz format. The downloaded file will contain everything that is needed to later restore the case.
If the archived case is no longer needed, it can be deleted by clicking the red trashbin icon.
Caution
This action is irreversible and the data is lost permanently.
Restoring an archived case
INDICA offers the possibility to restore a previously archived case. To do this, navigate to the “Cases List” page. Here a section is shown where you can upload INDICA .tar.gz files.
Click the “Choose File” button to select the .tar.gz archive. After choosing the correct file, the upload will start. When the upload is done, click the “Submit” button to restore the case from the archive. The case will now be restored and displayed in the “Cases List”.
Deleting a case
Deleting a case is done from the “Cases List” page. In the “Actions” column, a red trashbin icon is displayed. When that icon is clicked, a confirmation box will pop up. This is to prohibit accidental deletion.
Caution
Deletion of a case is permanent and irreversible. This action cannot be undone.
There must always be one case in the system. The last case cannot be deleted.
Networking
Overview of the Networking page.
On this page, several settings regarding networking can be configured:
- Schedule bandwith throttling
Schedule how much bandwith the INDICA appliance may use at certain times/days.
- Network interface
Basic settings for configuring the network interface
- Mailer settings
Connect INDICA to a mail server so it can send out notifications
- Proxy settings
Configure a proxy server
- Zabbix monitoring
Configure zabbix monitoring
- SSL Settings
Configure a Secure Socket Layer certificate for the web front-end.
Schedule bandwith throttling
While indexing, the INDICA appliance can take up quite a bit of network bandwith. To make sure that the infrastructure will not be overloaded, you can schedule the maximum allowed bandwith to be used by the INDICA appliance.
There are two options for scheduling:
- Daily Schedule
This schedule will apply every day. It allows you to set a throttle start time and stop time, and the maximum Mbps it may use.
- Custom Schedule
This schedule allows you to select the days. It allows you to set a throttle start time and stop time, and the maximum Mbps it may use.
Setting a daily schedule
First, click the “Change schedule” button. You will be presented with the following options:
Then, pick a time for the throttle to start and to stop. Lastly, enter a value for the maximum Mbps the appliance may use.
Click “Save changes” to apply the schedule. The schedule should now be active.
Setting a custom schedule
First, click the “Change schedule” button. You will be presented with the following options:
Now click the days you want the schedule to be active. Then, pick a time for the throttle to start and to stop. Lastly, enter a value for the maximum Mbps the appliance may use.
Click “Save changes” to apply the schedule. The schedule should now be active.
Network interface
In most cases, the network will be configured by DHCP. In case that is not true in your setup, this panel allows you to set the correct network settings.
Here you can configure the following settings:
IP address
Subnetmask
Gateway
DNS Nameserver
Note
When the checkbox “Set by DHCP?” is checked, these settings cannot be changed.
Mailer settings
Here you can configure INDICA to connect to a mail server so it can send out emails.
It needs the following information:
Mail address
SMTP server
SMTP port
Mail user
Mail password
After entering the correct information, click “Save Changes” to apply the changes.
Proxy settings
This panel contains the Proxy settings.
Note
To use credentials, enter the settings in the following format:
http(s)://[user]:[password]@[proxyserver]:[port]
Zabbix monitoring
Here you can enter the settings for Zabbix monitoring.
It needs:
Zabbix Server (IP address)
Zabbix Hostname (usually ‘indica’)
SSL Settings
SSL Settings allows you to use SSL to secure the client-server traffic of the web-based frontend.
Note
Make sure all configuration is added correctly before enabling SSL. If SSL is enabled before all information is given, it may make the front-end inaccessable.
SSL can be set up in three ways:
Use a self-signed certificate
Submit a CSR (Certificate Signing Request)
Upload own certificate and keyfiles
Use a self-signed certificate
When clicking the button “New Self-Signed Certificate”, you will be prompted to fill in some information:
After filling in the fields, click “Submit”. The certificate is now active.
Important
Modern browsers may still notify to the user that the connection may not be secure when a self-signed certificate is used.
Submitting a CSR
When clicking the button “New CSR”, you will be prompted to fill in some information:
After filling in the fields, click “Submit”.
Upload own certificate and keyfiles
INDICA also provides the option to use your organisation’s own certificate and keyfiles. They can be uploaded after clicking the “Upload files” button. It wil then prompt the following files:
Upload the corresponding files, and then click “Submit” to activate.
Security
Security Settings allows different ways to authenticate users. It is possible to setup an integration with an Active Directory (AD) and OpenLDAP, as well as Single Sign On (SSO). There is also a setting to disable reading the ACL from shares. This means that every user in INDICA can see all documents, regardless of Whether or not they are allowed to see the document on the original data source.
Enabling Active Directory integration
Active Directory integration allows for user and group management in the existing AD/LDAP environment. To make use of it, an account which can be used to ‘bind’ to the AD/LDAP is needed. Then, fill in the following information:
Check the ‘Use AD integration’ box
Enter the hostname or IP. Usually, IP works better due to resolving the name.
Enter the correct port
Enter the Workgroup Name (NETBIOS)
Enter the Domain Name (realm)
Enter the Bind Username (with NETBIOS/realm notation)
Enter the password of the Bind User
(optional; if needed) Check the box ‘Authenticate against AD Forest’
Then, click on ‘Test Connection’. If everything is setup and entered correctly, INDICA should report back the first 10 AD groups it can find. If this is the case, click ‘Save Changes’ to store and apply the settings.
Now, the existing AD structure can be used to map existing AD groups to INDICA cases and roles.
This is done by setting up two (or more, depending on the Roles and Permissions setup) groups per INDICA case:
A User-level access group.
A Manager-level access group.
These two groups can then be linked to the corresponding INDICA case in the Case Settings. When all groups are set up, users can be added to or removed from the group at will. Edits to the groups in the AD/LDAP environment will be reflected in INDICA immediately.
Tip
More groups can be created and mapped to specific roles. See Mapping AD groups to roles for more information.
Enabling Single Sign-on
Single Sign-on(SSO) allows users to access the INDICA interface without having to bother with a username and password. INDICA will automatically sign in users if they are already authenticated.
SSO needs the following information:
Domain Controller
Domain Controller 2 (optional)
Workgroup Name (NETBIOS)
Domain Name (realm)
Second UPN Realm (only enter if specifically needed)
Appliance Name
Join Account (only used once)
Join Password (only used once)
When using SSO, some actions may be required on different parts of the infrastructure (outside the INDICA appliance). Use the following list to make sure everything is set-up properly:
NTP service available on DC1.
Appliance name needs to be added to DNS.
Join account has sufficient rights.
When everything is set-up properly, users should be able to access the INDICA interface without having to authenticate themselves.
Software & Support
The Software & Support section helps managing the current license, software versions, and support connection.
Activation Key
Here you can view and edit the software key that is used to activate your INDICA appliance.
Note
Please keep in mind that the keys are not interchangable between appliances, as they are tied to the hardware as well. In case a new appliance needs to be activated, contact INDICA support to assist you.
Software version
This panel allows you to check the current software version.
It shows you the current version number, as well as the version numbers of all the packages as well. It is possible to update packages by hand, and if needed, roll back to previous versions. This can only be done if there was a previous version installed on the appliance.
With the ‘Select package’ option, a package can be uploaded to the appliance. INDICA will automatically recognise the type of package uploaded, and it’s version and add the package to the overview if it has a newer version than currently active.
Clicking the switch in the ‘Previous’ column rolls back the version of active package.
Updates
This panel allows you to toggle automatic updates on or off. You can also specify Whether offline packages should be used or not.
Remote Connection
This option allows appliance administrators to toggle remote connections. The remote connections are used by INDICA engineers to remotely troubleshoot and support your appliance. It is advised to leave this setting turned on.
Here you can also copy the public SSH key of the appliance, and force a remote connection to the INDICA server.
General Settings
This section of the settings allow you to configure a few things:
- Use internal user DB
When not connected to an external authentication service, it is possible to use the internal authentication database.
- Solr Index Node
Location of the Solr index node. Only to be edited when running in a cluster Be careful, as changing this setting may lead to an unstable/broken cluster
- Solr Query Node
Location of the Solr query node. Only to be edited when running in a cluster Be careful, as changing this setting may lead to an unstable/broken cluster
- Tika Location Full URI
If Apache Tika is hosted externally, then edit this value to point the indexer to the correct location
- Enable logging API
Enable logging API so logging can be used with external programs/services
Warning
This might be a security issue! Case information will be accessible externally
Backup Settings
This page allows you to setup the backup location. It needs the following information:
- UNC path of the backup location
Location where INDICA can read and write it’s backups to
- Backup username
Username for INDICA to authenticate on the backup location
- Backup password
Password of the corresponding user that INDICA can use to authenticate on the backup location
Look and Feel
INDICA allows you to apply your custom Look and Feel to the appliance. This can be done on two levels:
- Appliance level
This is configured in the admin interface and applies to the admin section
- Case level
This is configured in the case management interface and applies to that case only This allowes for customised look and feel in different cases
The settings allow you to change the following:
- Application front-end language
Supported languages: Dutch, English, French, German
- Logo
PNG format, 250x50 pixels, max 20kb
- Fonts, interface and text colors
Allows changing the colors and fonts of the main interface
- GDPR fonts and colors
Allows changing the colors and fonts of the GDPR interface
When hovering the mouse over the color pickers, a preview is shown:
All values can be changed individually, and reset to default if needed.